Jump to content

Ignore List

nord
 Share

Recommended Posts

nord

nord

Posted
Posted

I have MalwareBytes Pro 1.46 and one problem. (XP PRO SP3, Avast 6.0.1.000, Outpost 2009 Free Firewall)

I use Foxmail 5.0.800.0 as my email program. It uses puylib.dll (patched, not the original which put Secunia in an uproar some time ago now). Malwarebytes insists on blocking this part of Foxmail and I have to click on ignore each and every time I fire up Foxmail and go off to check mail from Google (default settings as SSL is handled by Avast).

How do you add a program to the Ignore List? I can't seem to find the setting anywhere.

Tks for listening.

Malwarebytes warning:

c:\program Files\Fox6\3rdParty\Punylib.dll (adware CNNIC)

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Greetings and welcome :)

To ignore the item, open Malwarebytes' Anti-Malware and click on the Ignore List tab and click on the Add button and browse to the location of Punylib.dll and click on the file once and click OK. It should no longer be detected.

Also, if you believe this is a false positive you should refer to this post: Read before reporting a false positive!

and post the info here: False Positives (you'll need to do that before adding it to the Ignore List so that you can get a log of the detection for the researchers so they can see why it's being detected).

Thanks :)

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Hello and :welcome:

Sorry exile360 I did not notice we were both replying to this topic....

Please follow exile360 insturctions on how to add the file to the ignore list, but you may also want to update your version of Malwarebytes to the latest version....

First things first, you are using verions 1.46 Pro of Malwarebytes, that is quite outdated (Current Version is 1.50.1.1100 with database 6333). Lets get you updated to the latest version then we will see if your problem continues....

Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

Hello and :welcome:

Sorry exile360 I did not notice we were both replying to this topic....

Please follow exile360 insturctions on how to add the file to the ignore list, but you may also want to update your version of Malwarebytes to the latest version....

First things first, you are using verions 1.46 Pro of Malwarebytes, that is quite outdated (Current Version is 1.50.1.1100 with database 6333). Lets get you updated to the latest version then we will see if your problem continues....

Thanks to everyone who responded.... and yes, 1.46 doesn't have the ignore list, so am off to uninstall and reinstalle 1.50.xxx now and will follow all the other instructions and then get back to y'all ASAP.

Much thanks.

Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

Excellent, thanks for keeping us up to date :).

exile360 and everyone else who helped!

All's well. Have updated to 1.50.1.1100 and latest definition files... Was able to add punylib.dll to the ignore list.

Hesitate to send info on for analysis as there are the old and bad (according to Secunia) versions out there along with the patched ones. I had to find the patched ones myself, some time ago, to make Foxmail 5 secure (or at least more secure than before).

Link to post
Share on other sites
exile360

exile360

Posted
Posted

You're most welcome :)

Please do still send it, because if it's not an actual infection, we certainly don't want our product detecting it. In fact, if you don't mind, it should be easy to see if it was only detected by the old database and not by the current one. Simply delete the item from the Ignore List, then perform another scan to see if it is still detected. If it isn't, you don't need it in your Ignore List any more, and if it is, please do report it to the researchers in the False Positives forum so that we can get the FP fixed.

Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

You're most welcome :)

Please do still send it, because if it's not an actual infection, we certainly don't want our product detecting it. In fact, if you don't mind, it should be easy to see if it was only detected by the old database and not by the current one. Simply delete the item from the Ignore List, then perform another scan to see if it is still detected. If it isn't, you don't need it in your Ignore List any more, and if it is, please do report it to the researchers in the False Positives forum so that we can get the FP fixed.

exile360,

OK, I'll do it, in the meantime this from properties:

C:\Program Files\Fox6\3rdParty\punylib.dll

v. 1.0.0.3

CodeLib

CNNIC

Chinese (PRC)

52.0 KB (53,248 bytes)

Link to post
Share on other sites
exile360

exile360

Posted
Posted

The scan log you posted doesn't show that detection, only the image does:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6337

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/11/2011 6:15:21 PM

mbam-log-2011-04-11 (18-15-00).txt

Scan type: Quick scan

Objects scanned: 169131

Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\One\start menu\Programs\syscleaner (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]

Files Infected:

c:\documents and settings\One\start menu\Programs\syscleaner\sysclean.com.pif (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]

c:\documents and settings\One\start menu\Programs\syscleaner\sysclean_faq.doc.lnk (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]

c:\WINDOWS\Explorer.win (Heuristics.Reserved.Word.Exploit) -> No action taken. [f0d177a1e11f718febe3ea71f50f43bd]

They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself.
Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

The scan log you posted doesn't show that detection, only the image does:They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself.

exile360,

Sure. I'll do that now.

Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

The scan log you posted doesn't show that detection, only the image does:They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself.

exile360,

FYI, the 3 files listed as infected don't actually seem to be such: Right Click in Windows Explorer with both MalwareBytes and Avast6 came up with nothing.

(I do have SysClean on my HD. Explorer.Win is a known exploit, but this one seems not to be.

Link to post
Share on other sites
nord

nord

Posted
  • Author
Posted

Thanks :)

I see that Nosirrah has responded to your False Positive topic and says that this should be fixed. Thanks a lot for helping us remove a FP from our database :).

exile360,

Saw his posts after yours, which is why once I finished the complete run, I posted to you not him with logs, etc. I'll go look at his post now. Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.